Extended Laundry List - July 24, 2008

Submitted by Mike Rothman on Thu, 2008-07-24 07:36.

Good Morning:
The travel gods conspired against me last night, so I decided to do another extended laundry list, as opposed to a full TDI this morning. I'll wrap up with a TDI tomorrow morning.

Addam's Family Laundry

The Extended Laundry List
  1. PCI is a priest? Why not a Rabbi? OK, Newby isn't talking about real religion, but many practice security as more mysticism than science. Personally, I think doing it right involves a lot of art, but Rob brings up some decent points. - Rob Newby's blog
  2. I guess we really can't get away. The Mogull rants in his Dark Reading column about how consumerization is attacking the business world and how that will impact security - Mogull Dark Reading column
  3. A rehash of the old immune system metaphor for security. It's still as effective as ever. But at the end of the day, most folks don't take care of themselves, so what makes us think they'll take care of their security? - NetworkWorld coverage

  4. Curphey figures GRC isn't interesting, but the framework to integrate people, process and technology is. The wonderful thing about an acronym is that GRC can mean anything to anyone at any time, and it usually does. Do you need ERP for compliance? That's the crux of the GRC debate. - Curphey blog

  5. Is it better to build or buy security monitoring? No religion or dogma here. I don't care. Just make sure you monitor. - SearchCIO-midmarket coverage

  6. Why use the old thing, when you can have a shiny new object? Lonervamp asks the question, but I suspect he already knows the answer. Security sales reps need new BMWs - that's why! - Lonervamp blog

  7. MXLogic introduces a paid research service to help stay "ahead" of the bad guys. If I've said it once, I've said it a million times. It's much more lucrative to apply a crystal ball to the financial markets. So if you have one, why waste time in security? - Enterprise Systems Journal coverage

  8. Clearswift bolsters DLP capabilities on their email gateway. Is it "good enough?" Depends on who you ask. I suspect the DLP vendors have a million reasons why you need a costly, hard-to-integrate dedicated infrastructure. - Clearswift release

  9. New computer: $600. Cost to clean it up after it's been on the network, unpatched for 5 minutes: $2000. The fact that some people still connect unpatched machines to the network: priceless. That's right - 5 minutes to pwnage. I wonder if the XP service pack downloads that quickly? - NetworkWorld coverage

  10. Mitnick gets a tell-all book deal. He'll detail how many ways you can use KY in the slammer. And maybe a bit about social engineering. I can't wait to hear what tale of woe has resulted in his "issues." Maybe he wasn't hugged enough as a kid. - Silicon Alley Insider

  11. Even the "red team" can get better. Of course they can. We all can improve in what we do. I like the fact that the Government has people responsible for testing defenses. If you aren't testing, you'll be surprised, and security folk hate surprises. - Veracode blog

  12. The chum is in the water. After Enrique basically tells the channel he's going to screw them, it seems there are a few options for VARs to consider besides the Big Yellow. You think? - CRN slideshow

Photo credit: "The Addam's Family Laundry" originally uploaded by DanielaNob